
Tanium Security Triage Agents GA in Microsoft Security Copilot


November 19, 2025

Security operations are gaining new AI-powered agents to automate and accelerate threat investigation. Tanium, a leader in Autonomous IT, has announced the general availability of its Tanium Security Triage Agent and Tanium Security Triage Agent with Identity Insights within Microsoft Security Copilot. These agents are designed to autonomously investigate security alerts by leveraging Tanium's real-time endpoint intelligence and Microsoft's AI, empowering analysts to respond to threats with greater speed and precision.

Quick Intel

  • Tanium's Security Triage Agent is now generally available in Microsoft Security Copilot.

  • A version with Identity Insights integrates data from Microsoft Entra ID and Sentinel.

  • The agents autonomously investigate alerts from Tanium Threat Response.

  • They collect endpoint artifacts, analyze context, and recommend next steps.

  • The goal is to streamline and accelerate alert triage for security operations centers.

  • The agents are available for deployment via the Microsoft Security Storefront.

Automating and Enriching Alert Triage

The Tanium Security Triage Agent is built to tackle the high-volume, repetitive task of initial alert investigation. When a Tanium Threat Response alert is triggered, the agent autonomously collects relevant endpoint artifacts and analyzes the context. The enhanced version, Tanium Security Triage Agent with Identity Insights, further enriches this investigation by pulling in identity information from the Microsoft Sentinel data lake and Microsoft Entra ID. This provides a more comprehensive view of the incident, linking endpoint activity with user identity to help determine the severity and scope of a potential threat.

Empowering Analysts with AI-Driven Insights

By automating the initial data gathering and correlation, these agents free security analysts from manual evidence collection. The agents provide summarized findings and recommended next steps directly within the Security Copilot interface. This enables analysts to make faster, more informed decisions about how to respond, whether that involves closing a false positive or escalating a genuine incident for remediation. “The Tanium Security Triage Agent... combine[s] Tanium’s real-time endpoint intelligence with Microsoft’s AI. Together, we’re empowering security analysts to investigate and respond to threats with speed, precision and confidence,” said Dan Varga, vice president of engineering at Tanium.

Seamless Integration within the Security Copilot Ecosystem

The agents are purpose-built for the Microsoft Security Copilot environment, which provides a unified AI-powered defense framework. They operate securely within Microsoft's Zero-Trust architecture and are easily discoverable and deployable through the Microsoft Security Storefront. This seamless integration allows joint customers to enhance their security operations posture without complex setup, leveraging the combined power of Tanium's endpoint control and Microsoft's global threat intelligence and AI capabilities. Vasu Jakkal, corporate vice president of Microsoft Security, stated, “AI is the force multiplier for defenders, and when partners bring their agentic innovation into the Security Copilot ecosystem, the impact is exponential.”

The general availability of these Tanium agents marks a significant step in the practical application of agentic AI for cybersecurity. By transforming alert triage from a manual process into an automated, intelligent workflow, they help security teams keep pace with the volume and sophistication of modern threats, ultimately strengthening an organization's overall cyber resilience.

About Tanium

Tanium Autonomous IT offers the most comprehensive solution for intelligently managing endpoints across industries, providing capabilities for asset discovery and inventory, vulnerability management, endpoint management, incident response, risk and compliance and digital employee experience. The Tanium Autonomous IT platform supports customers worldwide, including 40 of the Fortune 100, to become unstoppable by delivering increasingly efficient operations and an improved security posture at scale, with confidence, and in real-time.
